SSH访问Amazon EC2实例时权限被拒绝（publickey）[关闭]

最新推荐文章于 2025-05-02 14:55:27 发布

xfxf996

最新推荐文章于 2025-05-02 14:55:27 发布

阅读量4.3k

点赞数

CC 4.0 BY-SA版权

文章标签： amazon-web-services ssh amazon-ec2

原文链接：https://oldbug.net/q/1Fq6e/Permission-denied-publickey-when-SSH-Access-to-Amazon-EC2-instance-closed

当尝试SSH访问Amazon EC2实例时遇到'Permission denied (publickey)'错误，可能的原因包括使用错误的密钥对、用户名或主机。确保使用正确的用户名（如ec2-user或ubuntu），检查.pem文件，并确认安全组配置允许SSH流量。如果密钥对丢失，需创建新实例并使用新密钥对。等待几分钟再尝试连接有时也能解决问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

本文翻译自：Permission denied (publickey) when SSH Access to Amazon EC2 instance [closed]

I want to use my Amazon ec2 instance but faced the following error: 我想使用我的Amazon ec2实例，但遇到以下错误：

Permission denied (publickey).

I have created my key pair and downloaded .pem file. 我创建了密钥对并下载了.pem文件。

Given: 鉴于：

chmod  600 pem file.

Then, this command 然后，这个命令

ssh -i /home/kashif/serverkey.pem  ubuntu@ec2-54-227-242-179.compute-1.amazonaws.com

But have this error: 但有这个错误：

Permission denied (publickey)

Also, how can I connect with filezilla to upload/download files? 另外， 如何连接filezilla上传/下载文件？

#1楼

参考：https://stackoom.com/question/1Fq6e/SSH访问Amazon-EC-实例时权限被拒绝-publickey-关闭

#2楼

This error message means you failed to authenticate. 此错误消息表示您无法进行身份验证。

These are common reasons that can cause that: 这些是导致这种情况的常见原因：

Trying to connect with the wrong key. 试图用错误的密钥连接。 Are you sure this instance is using this keypair? 你确定这个实例正在使用这个密钥对吗？
Trying to connect with the wrong username. 试图用错误的用户名连接。 ubuntu is the username for the ubuntu based AWS distribution, but on some others it's ec2-user (or admin on some Debians, according to Bogdan Kulbida's answer)(can also be root , fedora , see below) ubuntu是基于ubuntu的AWS发行版的用户名，但是对于其他一些ec2-user来说，它是ec2-user （或根据Bogdan Kulbida的回答admin一些Debian）（也可以是root ， fedora ，见下文）
Trying to connect the wrong host. 试图连接错误的主机。 Is that the right host you are trying to log in to? 这是您尝试登录的正确主机吗？

Note that 1. will also happen if you have messed up the /home/<username>/.ssh/authorized_keys file on your EC2 instance. 需要注意的是1.也会发生，如果你搞砸了/home/<username>/.ssh/authorized_keys文件，您的EC2实例。

About 2. , the information about which username you should use is often lacking from the AMI Image description. 关于2. ，您应该使用的用户名信息通常缺少AMI图像描述。 But you can find some in AWS EC2 documentation, bullet point 4. : http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html 但您可以在AWS EC2文档中找到一些内容，第4.点： http ： //docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

Use the ssh command to connect to the instance. 使用ssh命令连接到实例。 You'll specify the private key (.pem) file and user_name@public_dns_name. 您将指定私钥（.pem）文件和user_name @ public_dns_name。 For Amazon Linux, the user name is ec2-user. 对于Amazon Linux，用户名为ec2-user。 For RHEL5, the user name is either root or ec2-user . 对于RHEL5，用户名是root或ec2-user 。 For Ubuntu, the user name is ubuntu . 对于Ubuntu，用户名是ubuntu 。 For Fedora, the user name is either fedora or ec2-user . 对于Fedora，用户名是fedora或ec2-user 。 For SUSE Linux, the user name is root . 对于SUSE Linux，用户名为root 。 Otherwise, if ec2-user and root don't work, check with your AMI provider. 否则，如果ec2-user和root不起作用，请咨询您的AMI提供商。

Finally , be aware that there are many other reasons why authentication would fail. 最后，请注意，身份验证失败还有许多其他原因。 SSH is usually pretty explicit about what went wrong if you care to add the -v option to your SSH command and read the output, as explained in many other answers to this question. 如果您需要将-v选项添加到SSH命令并读取输出，SSH通常非常明确地指出了什么问题，正如此问题的许多其他答案中所解释的那样。

#3楼

I solved the problem just putting sudo before 我之前把sudo解决了问题

sudo ssh -i mykey.pem myec2.amazonaws.com

But the proper solution is to change the ownership first, and then connect as a normal user as Janus Troelsen said below. 但正确的解决方案是首先更改所有权，然后像Janus Troelsen所说的那样以普通用户身份进行连接。 In my case it would be: 在我的情况下，它将是：

chown wellington:wellington key.pem

#4楼

In this case the problem arises from lost Key Pair. 在这种情况下，问题是由丢失密钥对引起的。 About this: 对这个：

There's no way to change Key Pair on an instance . 无法在实例上更改密钥对 。 You have to create a new instance that uses a new Key Pair. 您必须创建一个使用新密钥对的新实例。
You can work around the problem if your instance is used by an application on Elastic Beanstalk . 如果您的实例由Elastic Beanstalk上的应用程序使用，则可以解决此问题 。

You can follow these steps: 您可以按照以下步骤操作：

Access to AWS Management Console 访问AWS管理控制台
Open Elastic Beanstalk Tab 打开Elastic Beanstalk选项卡
Select your application from All Applications Tab 从All Applications选项卡中选择您的应用程序
From left side menù select Configuration 从左侧menù选择配置
Click on the Instances Gear 单击Instances Gear
In Server Form check the EC2 Key Pair input and select your new Key Pair. 在服务器表单中，检查EC2密钥对输入并选择新的密钥对。 You may have to refresh the list in order to see a new Key Pair you're just created. 您可能必须刷新列表才能看到刚刚创建的新密钥对。
Save 保存
Elastic Beanstalk will create for you new instances associated with the new key pair. Elastic Beanstalk将为您创建与新密钥对关联的新实例。

In general, remember you have to allow your EC2 instance to accept inbound SSH traffic. 通常，请记住您必须允许EC2实例接受入站SSH流量。

To do this, you have to create a specific rule for the Security Group of your EC2 instance. 为此，您必须为EC2实例的安全组创建特定规则。 You can follow these steps. 您可以按照以下步骤操作。

Access to AWS Management Console 访问AWS管理控制台
Open EC2 Tab 打开EC2选项卡
From Instances list select the instance you are interested in 从Instances列表中选择您感兴趣的实例
In the Description Tab chek the name of the Security Group your instance is using. 在Description选项卡中， chek您的实例正在使用的安全组的名称。
Again in Description Tab click on View rules and check if your Security Group has a rule for inbound ssh traffic on port 22 再次在“ 描述”选项卡中，单击“ 查看规则”并检查您的安全组是否在端口22上具有入站ssh流量规则
If not, in Network & Security menù select Security Group 如果没有，请在Network＆Securitymenù中选择安全组
Select the Security Group used by your instance and the click Inbound Tab 选择实例使用的安全组 ，然后单击“ 入站”选项卡
On the left of Inbound Tab you can compose a rule for SSH inbound traffic: 在“入站”选项卡的左侧，您可以为SSH入站流量组成规则：
- Create a new rule : SSH 创建新规则 ：SSH
- Source : IP address or subnetwork from which you want access to instance 来源：您希望从中访问实例的IP地址或子网
- Note : If you want grant unlimited access to your instance you can specify 0.0.0.0/0 , although Amazon not recommend this practice 注意：如果您希望授予对实例的无限制访问权限 ，则可以指定0.0.0.0/0 ，尽管亚马逊不推荐这种做法
Click Add Rule and then Apply Your Changes 单击添加规则 ，然后单击应用您的更改
Check if you're now able to connect to your instance via SSH. 检查您现在是否能够通过SSH连接到您的实例。

Hope this can help someone as helped me. 希望这能帮助有人帮助我。

#5楼

这就是我解决问题的方法

ssh -i <key> ec2-user@<ec2 ip>

#6楼

This has happened to me multiple times. 这种情况多次发生在我身上。 I have used Amazon Linux AMI 2013.09.2 and Ubuntu Server 12.04.3 LTS which are both on the free tier. 我使用的是Amazon Linux AMI 2013.09.2和Ubuntu Server 12.04.3 LTS，它们都是免费的。

Every time I have launched an instance I have permission denied show up. 我每次启动一个实例时都会被拒绝显示。 I haven't verified this but my theory is that the server is not completely set up before I try to ssh into it. 我还没有验证这一点，但我的理论是在尝试ssh之前服务器没有完全设置。 After a few tries with permission denied, I wait a few minutes and then I am able to connect. 经过几次尝试拒绝许可后，我等了几分钟然后我才能连接。 If you are having this problem I suggest waiting five minutes and trying again. 如果你遇到这个问题我建议等五分钟再试一次。